IN THE CLAIMS: 



1. (Original) A method for processing enveloped data objects in a data processing
system comprising a display, the method comprising the computer-implemented steps of: 

presenting an enveloped data object; and 

modifying the enveloped data object through processing of user actions within a 
graphical user interface. 

2. (Previously presented) The method of claim 1 wherein the enveloped data object 
is formatted according to PKCS (Private Key Cryptography Standard) standards, and 
wherein the enveloped data object is presented on the display. 

3. (Original) The method of claim 1 wherein the step of presenting the enveloped 
data object further comprises: 

obtaining an enveloped data object, wherein the enveloped data object comprises 
a content data object and at least one content encryption key object; 

determining data objects contained with the enveloped data object; 

displaying the enveloped data object, wherein data objects contained within the 
enveloped data object are represented by graphical objects; 

determining logical associations between data objects contained within the 
enveloped data object; and 

displaying visual indicators between graphical objects, wherein the visual 
indicators represent logical associations between data objects contained within the 
enveloped data object. 

4. (Original) The method of claim 3 wherein the step of modifying the enveloped 
data object further comprises: 

selecting a graphical object representing a data object contained within the 
enveloped data object; 

displaying data values of the selected data object;

editing the data values of the selected data object; and

saving the data values of the selected data object in the enveloped data object.

5. (Original) The method of claim 4 further comprising: 

identifying a data type of the data object represented by the selected graphical 
object, wherein the selected data object is a content data object; and 

identifying a default editor for displaying the selected data object according to the 
identified data type of the data object represented by the selected graphical object. 

6. (Original) The method of claim 4 wherein the step of modifying the enveloped 
data object further comprises: 

selecting a graphical object representing a data object contained within the 
enveloped data object; 

receiving a user action on the selected graphical object representing a deletion 
request; and 

deleting from the enveloped data object the data object represented by the selected 
graphical request. 

7. (Original) The method of claim 6 further comprising: 

determining whether the selected graphical object represents a certificate object; 
in response to a determination that the selected graphical object represents a 
certificate object: 

determining whether the certificate object is logically associated with a 
different certificate object embedded within the enveloped data object; and 

in response to a determination that the certificate object is logically 
associated with a different certificate object embedded within the enveloped data 
object, removing a visual indicator representing a logical association between the 
certificate object and the different certificate object; 

determining whether the certificate object is logically associated with a 
recipient information object; 

in response to a determination that the certificate object is logically 
associated with a recipient information object: 



Page 3 of 18 
Shrader et al. - 09/460,839 



deleting the recipient information object; and 

removing a visual indicator representing a logical association between the 
certificate object and the recipient information object. 

8. (Original) The method of claim 6 further comprising: 

determining whether the selected graphical object represents a certificate 
revocation list object; 

in response to a determination that the selected graphical object represents a 
certificate revocation list object: 

determining whether the certificate revocation list object is logically
associated with a certificate object; and

in response to a determination that the certificate revocation list object is
logically associated with a certificate object, removing a visual indicator
representing a logical association between the certificate object and the certificate
revocation list object.

9. (Original) The method of claim 3 further comprising: 
receiving a user request to send the enveloped data object; 

obtaining one or more e-mail addresses to which to send the enveloped data 
object; and 

in response to a determination that the enveloped data object contains a recipient 
information object, sending an e-mail message comprising the enveloped data object to 
the one or more e-mail addresses. 

10. (Original) The method of claim 3 further comprising: 
receiving a user request to export the enveloped data object; 
obtaining a user-specified file name; and 

storing the enveloped data object in DER-encoded format in the user-specified
file.

11. (Original) The method of claim 3 further comprising:

receiving a user request to import the enveloped data object;

obtaining a user-specified file name;

importing the enveloped data object in DER-encoded format from the user-specified
file; and

populating the graphical objects representing data object contained within the 
enveloped data object. 

12. (Original) The method of claim 1 further comprising: 

receiving a user request to add a content data object to the enveloped data object; 

determining whether an encryption key data object is embedded in the enveloped 
data object; 

in response to a determination that an encryption key data object is not embedded 
in the enveloped data object: 

storing the content data object within the enveloped data object; 

displaying a graphical object representing the content data object, wherein 
the graphical object indicates that the content data object is embedded within the 
enveloped data object; 

in response to a determination that an encryption key data object is embedded in 
the enveloped data object: 

generating an encrypted content data object within the enveloped data 
object, wherein the encrypted content data object comprises encrypted content for 
the content data object, a content type identifier for the encrypted content, and an 
encryption algorithm identifier; 

enabling a decrypt button for decrypting the encrypted content data object; and

displaying a graphical object representing the encrypted content data 
object, wherein the graphical object indicates that the encrypted content data 
object is embedded within the enveloped data object.

13. (Original) The method of claim 12 further comprising:

dragging and dropping a graphical object representing the content data object on a 
graphical object representing the enveloped data object. 

14. (Original) The method of claim 1 further comprising: 

receiving a user request to add a certificate object to the enveloped data object; 

storing the certificate object in the enveloped data object; and 

displaying a graphical object representing the certificate object, wherein the
graphical object indicates that the certificate object is embedded within the enveloped
data object.

15. (Original) The method of claim 14 further comprising: 

determining whether the certificate object is logically associated with a different 
certificate object embedded within the enveloped data object; and 

in response to a determination that the certificate object is logically associated 
with a different certificate object embedded within the enveloped data object, displaying 
a visual indicator representing a logical association between the certificate object and the 
different certificate object. 

16. (Original) The method of claim 14 further comprising: 

determining whether an encryption key data object is embedded in the enveloped 
data object; 

in response to a determination that an encryption key data object is embedded in 
the enveloped data object, receiving user input requesting generation of a recipient 
information object; 

generating a recipient information object; 

storing the recipient information object in the enveloped data object; and

displaying a graphical object representing the recipient information object,
wherein the graphical object indicates that the recipient information object is embedded
within the enveloped data object; and

displaying a visual indicator representing a logical association between the
recipient information object and an associated certificate object.

17. (Original) The method of claim 14 further comprising: 

dragging and dropping a graphical object representing the certificate object on a 
graphical object representing the enveloped data object. 

18. (Original) The method of claim 1 further comprising: 

receiving a user request to add a certificate revocation list object to the enveloped 
data object; 

storing the certificate revocation list object in the enveloped data object; and

displaying a graphical object representing the certificate revocation list object,
wherein the graphical object indicates that the certificate revocation list object is
embedded within the enveloped data object.

19. (Original) The method of claim 18 further comprising: 

determining whether the certificate revocation list object is logically associated 
with a certificate object embedded within the enveloped data object; and 

in response to a determination that the certificate revocation list object is logically 
associated with a certificate object embedded within the enveloped data object, 
displaying a visual indicator representing a logical association between the certificate 
revocation list object and the certificate object. 

20. (Original) The method of claim 18 further comprising: 

dragging and dropping a graphical object representing the certificate revocation 
list object on a graphical object representing the enveloped data object. 

21. (Original) The method of claim 3 further comprising:

receiving a user request to encrypt a content data object embedded in the 
enveloped data object;

generating an encrypted content data object within the enveloped data object,
wherein the encrypted content data object comprises encrypted content for the content 
data object, a content type identifier for the encrypted content, and an encryption 
algorithm identifier; 

enabling a decrypt button for decrypting the encrypted content data object; and 
displaying a graphical object representing the encrypted content data object, 
wherein the graphical object indicates that the encrypted content data object is embedded 
within the enveloped data object. 

22. (Original) The method of claim 3 further comprising: 

receiving a user request to decrypt an encrypted content data object embedded in 
the enveloped data object; 

decrypting the encrypted content data object to a content data object embedded in 
the enveloped data object; 

enabling a encrypt button for encrypting the content data object; and 

displaying a graphical object representing the content data object, wherein the 
graphical object indicates that the content data object is embedded within the enveloped 
data object. 

23. (Original) The method of claim 3 further comprising: 
receiving a user request to select an encryption key algorithm; 
deleting an encryption key embedded in the enveloped data object; and 
removing the encryption key from recipient information objects embedded in the
enveloped data object.

24. (Original) A data processing system for processing enveloped data objects in the 
data processing system comprising a display, the data processing system comprising: 

presenting means for presenting an enveloped data object; and 
modifying means for modifying the enveloped data object through processing of 
user actions within a graphical user interface.

25. (Previously presented) The data processing system of claim 24 wherein the
enveloped data object is formatted according to PKCS (Private Key Cryptography 
Standard) standards, and wherein the enveloped data object is presented on the display. 

26. (Original) The data processing system of claim 24 wherein the means for 
presenting the enveloped data object further comprises: 

obtaining means for obtaining an enveloped data object, wherein the enveloped 
data object comprises a content data object and at least one content encryption key object; 

first determining means for determining data objects contained with the enveloped 
data object; 

first displaying means for displaying the enveloped data object, wherein data 
objects contained within the enveloped data object are represented by graphical objects; 

second determining means for determining logical associations between data 
objects contained within the enveloped data object; and 

second displaying means for displaying visual indicators between graphical 
objects, wherein the visual indicators represent logical associations between data objects 
contained within the enveloped data object. 

27. (Original) The data processing system of claim 26 wherein the means for 
modifying the enveloped data object further comprises: 

first selecting means for selecting a graphical object representing a data object 
contained within the enveloped data object; 

third displaying means for displaying data values of the selected data object; 

editing means for editing the data values of the selected data object; and 

saving means for saving the data values of the selected data object in the 
enveloped data object. 

28. (Original) The data processing means of claim 27 further comprising: 

first identifying means for identifying a data type of the data object represented by 
the selected graphical object, wherein the selected data object is a content data object; 
and

second identifying means for identifying a default editor for displaying the
selected data object according to the identified data type of the data object represented by 
the selected graphical object. 

29. (Original) The data processing system of claim 27 wherein the means for 
modifying the enveloped data object further comprises: 

second selecting means for selecting a graphical object representing a data object 
contained within the enveloped data object; 

first receiving means for receiving a user action on the selected graphical object 
representing a deletion request; and 

first deleting means for deleting from the enveloped data object the data object 
represented by the selected graphical request. 

30. (Original) The data processing system of claim 29 further comprising: 

third determining means for determining whether the selected graphical object 
represents a certificate object; 

fourth determining means for determining, in response to a determination that the 
selected graphical object represents a certificate object, whether the certificate object is 
logically associated with a different certificate object embedded within the enveloped 
data object; 

first removing means for removing, in response to a determination that the 
certificate object is logically associated with a different certificate object embedded 
within the enveloped data object, a visual indicator representing a logical association 
between the certificate object and the different certificate object; 

fifth determining means for determining whether the certificate object is logically 
associated with a recipient information object; 

second deleting means for deleting, in response to a determination that the 
certificate object is logically associated with a recipient information object, the recipient 
information object; and 

second removing means for removing, in response to a determination that the 
certificate object is logically associated with a recipient information object, a visual 
indicator representing a logical association between the certificate object and the
recipient information object. 

31. (Original) The data processing system of claim 29 further comprising:

sixth determining means for determining whether the selected graphical object 
represents a certificate revocation list object; 

seventh determining means for determining, in response to a determination that 
the selected graphical object represents a certificate revocation list object, whether the 
certificate revocation list object is logically associated with a certificate object; and 

third removing means for removing, in response to a determination that the 
certificate revocation list object is logically associated with a certificate object, a visual 
indicator representing a logical association between the certificate object and the 
certificate revocation list object. 

32. (Original) The data processing system of claim 26 further comprising: 
second receiving means for receiving a user request to send the enveloped data
object;

first obtaining means for obtaining one or more e-mail addresses to which to send 
the enveloped data object; and 

first sending means for sending, in response to a determination that the enveloped 
data object contains a recipient information object, an e-mail message comprising the 
enveloped data object to the one or more e-mail addresses. 

33. (Original) The data processing system of claim 26 further comprising: 

third receiving means for receiving a user request to export the enveloped data
object;

second obtaining means for obtaining a user-specified file name; and 
first storing means for storing the enveloped data object in DER-encoded format 
in the user-specified file.

34. (Original) The data processing system of claim 26 further comprising:

fourth receiving means for receiving a user request to import the enveloped data
object;

third obtaining means for obtaining a user-specified file name; 

importing means for importing the enveloped data object in DER-encoded format 
from the user-specified file; and 

populating means for populating the graphical objects representing data object 
contained within the enveloped data object. 

35. (Original) The data processing system of claim 24 further comprising: 

fifth receiving means for receiving a user request to add a content data object to 
the enveloped data object; 

eighth determining means for determining whether an encryption key data object 
is embedded in the enveloped data object; 

second storing means for storing, in response to a determination that an 
encryption key data object is not embedded in the enveloped data object, the content data 
object within the enveloped data object; 

fourth displaying means for displaying, in response to a determination that an 
encryption key data object is not embedded in the enveloped data object, a graphical 
object representing the content data object, wherein the graphical object indicates that the 
content data object is embedded within the enveloped data object; 

first generating means for generating, in response to a determination that an 
encryption key data object is embedded in the enveloped data object, an encrypted 
content data object within the enveloped data object, wherein the encrypted content data 
object comprises encrypted content for the content data object, a content type identifier 
for the encrypted content, and an encryption algorithm identifier; 

first enabling means for enabling, in response to a determination that an 
encryption key data object is embedded in the enveloped data object, a decrypt button for 
decrypting the encrypted content data object; and 

fifth displaying means for displaying, in response to a determination that an 
encryption key data object is embedded in the enveloped data object, a graphical object 
representing the encrypted content data object, wherein the graphical object indicates that
the encrypted content data object is embedded within the enveloped data object. 

36. (Original) The data processing system of claim 35 further comprising: 

first dragging and dropping means for dragging and dropping a graphical object 
representing the content data object on a graphical object representing the enveloped data 
object. 

37. (Original) The data processing system of claim 24 further comprising: 

sixth receiving means for receiving a user request to add a certificate object to the 
enveloped data object; 

third storing means for storing the certificate object in the enveloped data object; and

sixth displaying means for displaying a graphical object representing the 
certificate object, wherein the graphical object indicates that the certificate object is 
embedded within the enveloped data object. 

38. (Original) The data processing system of claim 37 further comprising: 

ninth determining means for determining whether the certificate object is logically 
associated with a different certificate object embedded within the enveloped data object; 
and 

seventh displaying means for displaying, in response to a determination that the 
certificate object is logically associated with a different certificate object embedded 
within the enveloped data object, a visual indicator representing a logical association 
between the certificate object and the different certificate object. 

39. (Original) The data processing system of claim 37 further comprising: 

tenth determining means for determining whether an encryption key data object is 
embedded in the enveloped data object;

receiving means for receiving, in response to a determination that an encryption
key data object is embedded in the enveloped data object, user input requesting 
generation of a recipient information object; 

second generating means for generating the recipient information object; 

third storing means for storing the recipient information object in the enveloped 
data object; and 

eighth displaying means for displaying a graphical object representing the 
recipient information object, wherein the graphical object indicates that the recipient 
information object is embedded within the enveloped data object; and 

ninth displaying means for displaying a visual indicator representing a logical 
association between the recipient information object and an associated certificate object. 

40. (Original) The data processing system of claim 37 further comprising: 

second dragging and dropping means for dragging and dropping a graphical
object representing the certificate object on a graphical object representing the enveloped
data object.

41. (Original) The data processing system of claim 24 further comprising:

seventh receiving means for receiving a user request to add a certificate
revocation list object to the enveloped data object;

third storing means for storing the certificate revocation list object in the 
enveloped data object; and 

tenth displaying means for displaying a graphical object representing the 
certificate revocation list object, wherein the graphical object indicates that the certificate 
revocation list object is embedded within the enveloped data object. 

42. (Original) The data processing system of claim 41 further comprising: 

eleventh determining means for determining whether the certificate revocation list
object is logically associated with a certificate object embedded within the enveloped
data object; and

eleventh displaying means for displaying, in response to a determination that the
certificate revocation list object is logically associated with a certificate object embedded 
within the enveloped data object, a visual indicator representing a logical association 
between the certificate revocation list object and the certificate object. 

43. (Original) The data processing system of claim 41 further comprising: 

third dragging and dropping means for dragging and dropping a graphical object 
representing the certificate revocation list object on a graphical object representing the 
enveloped data object. 

44. (Original) The data processing system of claim 26 further comprising: 

eighth receiving means for receiving a user request to encrypt a content data
object embedded in the enveloped data object;

third generating means for generating an encrypted content data object within the 
enveloped data object, wherein the encrypted content data object comprises encrypted 
content for the content data object, a content type identifier for the encrypted content, and 
an encryption algorithm identifier; 

second enabling means for enabling a decrypt button for decrypting the encrypted 
content data object; and 

twelfth displaying means for displaying a graphical object representing the 
encrypted content data object, wherein the graphical object indicates that the encrypted 
content data object is embedded within the enveloped data object. 

45. (Original) The data processing system of claim 26 further comprising: 

ninth receiving means for receiving a user request to decrypt an encrypted content 
data object embedded in the enveloped data object; 

decrypting means for decrypting the encrypted content data object to a content 
data object embedded in the enveloped data object; 

third enabling means for enabling a encrypt button for encrypting the content data 
object; and

thirteenth displaying means for displaying a graphical object representing the
content data object, wherein the graphical object indicates that the content data object is 
embedded within the enveloped data object. 

46. (Original) The data processing system of claim 26 further comprising: 

tenth receiving means for receiving a user request to select an encryption key
algorithm;

third deleting means for deleting an encryption key embedded in the enveloped 
data object; and 

fourth removing means for removing the encryption key from recipient 
information objects embedded in the enveloped data object. 

47. (Original) A computer program product in a computer-readable medium for use in 
a data processing system for processing enveloped data objects, the computer program 
product comprising: 

first instructions for presenting an enveloped data object; and 
second instructions for modifying the enveloped data object through processing of 
user actions within a graphical user interface. 

48. (Previously presented) The computer program product of claim 47 wherein the 
enveloped data object is formatted according to PKCS (Private Key Cryptography 
Standard) standards, and wherein the enveloped data object is presented on the display. 

49. (Original) The computer program product of claim 47 wherein the instructions for 
presenting the enveloped data object further comprise: 

instructions for obtaining an enveloped data object, wherein the enveloped data 
object comprises a content data object and at least one content encryption key object; 

instructions for determining data objects contained with the enveloped data
object;

instructions for displaying the enveloped data object, wherein data objects 
contained within the enveloped data object are represented by graphical objects;

instructions for determining logical associations between data objects contained
within the enveloped data object; and 

instructions for displaying visual indicators between graphical objects, wherein 
the visual indicators represent logical associations between data objects contained within 
the enveloped data object. 

50. (Original) The computer program product of claim 49 wherein the instructions for 
modifying the enveloped data object further comprise: 

instructions for selecting a graphical object representing a data object contained 
within the enveloped data object; 

instructions for displaying data values of the selected data object; 

instructions for editing the data values of the selected data object; and 

instructions for saving the data values of the selected data object in the enveloped 
data object. 